This is absolutely fear mongering. The solitaire that used to ship with every version of windows is still absolutely 100% free in Windows 10. Some extra social based features are the only things that are unlocked by paying the subscription fee. Nothing about the core solitaire experience has changed, and it isn't a canary dying.
Is it not true, then, that if you don't pay for the upgrades the base solitaire app contains ads? If it does not, then I and presumably also the people making a fuss about this have been misinformed.
The guide shows how to disable sending updates from your computer to other computers on your LAN or on the Internet. It doesn't suggest disabling updates anywhere...
I don't understand why you would want to disable LAN distribution of Windows 10 updates to your other Windows 10 machines. It seems like a great way of avoiding multiple downloads of the same thing, and I'd love something similar for Linux (aptorrent or something; manual rsync of /var/cache/apt/archives isn't quite the same, neither is apt-mirror).
Disabling uploads to other external machines does make sense to me, though.
Probably not much point in disabling that. Disabling downloads from other machines on the web makes more sense if you have a data cap or are charged per MB, which is common in some countries. It's not really a privacy-related change as far as I can see.
Unfortunately, the ad under "Does this banner show ads based on your interests? If yes, you have been tracked" is a link to what I can only imagine is malware, given that it's an "Update Drivers Now" ad. As such, this site isn't really appropriate to send to the average non-technical user, as given my experience from working at an IT help desk years ago, people will end up clicking that ad and installing the malware...
I keep going back and forth about installing one for my parents, after having had to deal with a couple of full screen "ads" that mimicked Windows having a security crisis.
I say "ads" because while the thing was a obvious (to me) scam, it came while browsing Facebook of all places. As such, the only way i could see it happen was via the Facebook advertisement system.
I see that you've never worked in tech support. :) The sad answer is that yes, many users are confused by these ads, thinking that they actually reflect a problem with their computer, and proceed to install whatever they link to. Since the site is trying to help non-technical users achieve greater privacy, I find the inclusion of these kinds of ads disappointing.
I look at this list and I think of my grandmother, who would never do this, never even think to do it.
"The windows" is her friend, and she's relatively tech savvy for a person of her generation.
Heck, people my mothers generation would not think to do this.
Heck, even my brother would not think to do this, or to look for this. If it's not a single place, if you have to open the command line (on windows) then the ability for a reasonable user to gain privacy is nonexistant.
the option might as well be a toggle switch in the middle of Tanzia, it will be noticed all the same.
"[X] could care less" is idiomatic English, not a mistake. It may have been an identifiable Yiddishism at one time, but it's a naturalized citizen at this point, and has been for decades. If you are looking for a living language in natural, everyday use to conform to some sort of formal logic, you have a lifetime of disappointment ahead of you.
Idiomatic _American_ English, perhaps, but even otherwise, it's still a grammatical error. Just one that's become ubiquitous to the point that speakers in one place don't care or don't notice.
> Idiomatic _American_ English, perhaps, but even otherwise, it's still a grammatical error.
Its not a grammatical error (grammatically, its basically identical to the "could not" form, since "could" and "could not" are usable in the exact same grammatical positions.) There is a semantic mismatch between the individual terms taken in isolation and the idiomatic meaning of the phrase, but this is not uncommon in idiomatic phrases (one can view it as something like "[x] could (in theory, though it is unlikely in practice) care less.")
Frankly your "grandmother" is better off not doing this anyway.
She needs the anti-phishing filter, the anti-malicious app & URL filter, and will want useful features like Cortana, predictive search, page compatibility modes, allowing websites/apps to ask for her location (e.g. Google Maps), and her files to be backed up when her computer fails.
You can argue if certain things help your "grandmother" (e.g. telemetry, advertiser IDs, etc) but this seems like to throws the baby out with the bathwater.
PS - Windows 10's defaults could be better. But this takes it to the other extreme, disabling legitimately useful functionality (in particular security focused functionality).
>will want useful features like Cortana, predictive search, page compatibility modes, allowing websites/apps to ask for her location (e.g. Google Maps), and her files to be backed up when her computer fails.
Have you ever had a grandma? My grandma literally plays solitaire and checks her email, that's it. She wants nothing to do with cortana.
I set my grandma up with Ubuntu and set the homepage of firefox to her email. I've never had a problem.
My grandma also mostly plays games and checks her email/Facebook, but she also occasionally has to search the web and has used Siri on her iPad, I don't think Cortana would be that big of a stretch to get her into (e.g. I've seen her use Siri semi-regularly to check the local weather).
To be frank, she would likely be better off with a Chromebook. But unfortunately she has a few games she plays which are Windows binaries (e.g. those $5 CDs containing "2500 card games").
Cortana is no more or no less accessible than Siri.
The problem with Cortona and Siri is that they process everything on remote servers while it could easily be done on a local machine. They do this to be able to save all that data (and take away your privacy).
Apple saves Siri's audio for 2 years for example... not sure what Microsoft's policy is on this...
I think you're going to need to provide some evidence to support that. It is not intuitively obvious in the slightest, especially given how frequently Cortana/Siri/GoogleNow trip up even with a data center backing them.
Seriously, if processing locally was so easy but they still wanted to steal all your data, they would crunch it locally & give results, and silently ship off the recording to an archive in parallel. Local processing is cheaper for them (bandwidth, compute) and faster for you.
I wonder if instead of fixing the OS directly, it'd be better to make the firewall changes in an Internet router and just send them the new one. You'd probably want to keep the existing router as well to avoid the need to login to find ISP settings (or avoid calling the ISP), but as long as the new router can be setup as a bridge to the existing one I see no reason why it couldn't work.
The added advantage of doing this is that you can block all traffic associated with Microsoft's user tracking servers, which should work (as long as Microsoft don't switch the server name in use).
Either that or recommend avoiding the Windows 10 upgrade. Windows 7 in particular should be sticking around for quite a while yet.
The ironic part is that people have just become accustomed to (or ignorant of) the way data is gathered from your average Android phone. Everyone is upset about Win10, but little attention is given to Android and the associated ecosystem of apps.
Not quite. I do expect more respect for my privacy from my computer OS than I expect from my smart phone OS. My personal computer holds way more sensitive and important information than my smartphone.
1. Turn off every Windows feature mentioned in this article.
Installing an AOSP ROM is an order of magnitude harder than disabling the privacy-concerning settings in Windows considering that you probably would need to extract (or write your own) drivers from the vendor-customized ROM.
Not the first attempt I've seen to summarise all the fixes for the privacy leaks. But given I've seen 2-3 articles on the HN homepage so far this week that MS still sends all kinds of crap and of course has the ability to patch these workarounds - consider me sceptical!
This is a game people are going to lose. If MS cared about privacy this wouldn't have happened in the first place. Just don't use Windows. Use your favourite Linux distribution.
Shutting off smartscreen is short sighted and wrong. Its no different than the lists Chrome and FF use to block malicious sites. These lists are shared via a shared security initiative between the major browser makers. Disabling this is a good way to make sure you get cryptolocker.
Shutting off cloud-based protection in Defender is equally stupid. Now you're not getting instant and up to date virus definitions from the cloud-based system of honey pots, third party hashes, etc. All you have then is day or days old virus defs that are pretty much useless against modern polymorphic threats.
I really hate it when people purposely conflate security and privacy to win political points. None of the above is controversial and if you run any AV or use any browser, you're already doing this and you didn't have a problem with it before. I think its pretty clear that the person who made this list just found all the sliders for 'no' and doesn't realize what he's doing from a security perspective. If you use Windows, you should be using all the security features you possibly can (on top of running behind a router doing IPS/IDS and making sure to use a standard non-admin account - the UAC fails in many places limited standard users don't). Signed, a Windows sysadmin.
edit: really downvotes? Telling people to disable security features in an OS shouldnt be applauded, especially on a tech forum. This is "grandpa" level IT advice here.
The problem I have with the current settings in Windows 10 is how they seem to lump together vital security update functionality with Cortana and other datamining features. They shouldn't be part of the same 'module' as it were. But someone at MS HQ thought it was a good idea for some odd reason. I can't see this as anything but a way to sweeten the medicine they feel we need to take. IMO, if they were up front about what each feature does and how to enable/disable it wouldn't get anything close to the pushback it's getting now.
It just seems the suits on high think they know better than the rest of us and that's a troubling attitude. What if they think that end-to-end encryption isn't a good thing and that they need to force us "naughty children" to not use it? Well there goes your enterprise customers who have to use said encryption to secure work stations from industrial espionage.
Well, I'm not an expert on UI stuff, but the author did go right into Defender's settings and choose to disable the cloud definitions. How is that misleading? MS didn't hide that setting. Its in a logical place. Its obvious the author didn't bother to understand what cloud definitions are, just saw the word "cloud," and put on his Mr. Privacy Expert hat and told everyone to turn it off.
I do agree that Smartscreen is in a silly place, but because MS now uses it for not only sites but MS Store links, it kinda makes sense to move it out of the browser and into a more general place. Sadly, links like these guides get everywhere on the internet. Lots of people are now going to be at risk at easily avoided malware and phishing attempts because of his laziness and stupidity.
In a couple months we'll have articles about "Why is Windows 10 getting so much malware?" Gee maybe because everyone disabled the security features in an angry privacy fit without considering the consequences or thinking through the problem? The same way geeks freaked out when the UAC in Vista was revealed and disabled it, along with the security layer it provides.
The issue is that both SmartScreen and Defender 'cloud' protection upload or otherwise inform Microsoft about what you are downloading. For example, it could conceivably track and prevent you from downloading and using Tor. For most Western countries that's not a problem, but is the data sent encrypted? Could an adversary (nation-state) MITM your connection (e.g. GFoC) and immediately be informed about who downloaded Tor, even if they had been using a VPN or other circumvention mechanism? (Windows Defender scans files as soon as you open the directory, not just the first time)
Also, I don't think Defender's cloud-based protection has anything to do with updates. These are delivered via WU; I think it's more to do with informing Microsoft about detection or suspicious files so they can be analysed.
(Not voted either way)
Edit:
I really wish people would say why they downvote. Otherwise I have no idea what you disagree with or whether you think what I've written is factually incorrect.
"when you open a file, we may collect information about the file, the application used to open the file, and how long it takes to use it for purposes such as improving performance (e.g. to help retrieve documents more quickly)"
Note, I have 'Cloud-based protection' disabled and I'm still getting (near daily) definition updates, so the two definitely are not related.
Let's clarify: disabling smartscreen for privacy reasons is different that keeping it enabled for security reasons. Smartscreen sends urls you visit to Msoft, and since Win8, it sends filenames of downloaded files to Msoft too.
As for the security argument, smartscreen only works in IE, so for those of use who don't want any of that turned on, and use FF (instead of chrome), where we download the blacklist instead of sending it outside our network, we can still maintain the same level of security while adding a layer to our privacy.
The same for cloud based Defender. There is no reason I shouldn't be able to turn it off if I have an approriate replacement that protects my privacy.
Which also means you are wrong when you say "if you run any AV or use any browser, you're already doing this". Nope, not at all, and either you are unaware of what you speak of or you are being disingenuous.
>The same for cloud based Defender. There is no reason I shouldn't be able to turn it off if I have an approriate replacement that protects my privacy.
Your AV is doing exactly what Smartscreen does and so do many security products. Its a common feature, where are the privacy guides for that? Oh right, there's a double standard for MS.
Also, the author didn't disable Defender because he is using a different AV. He left it on and just disabled the cloud definitions feature, meaning he's not going to be up-to-date on definitions. Cloud defs are a bit different than what you get via WU. Its a dynamic list of suspicious hashes that's constantly being updated via honeypots and such. The author clearly does not understand what he is recommending.
"Your AV" you don't know what AV I'm using, and you're wrong. I have setup a local update server which regularly downloads updates from the vendor and then updates endpoints on the LAN with no traffic going from LAN->Cloud for that.
"so do many security products. Its a common feature"
That also is why I don't use those products, and many others would agree.
"where are the privacy guides for that?"
I don't know, but are you trying to pretend there are none? If you are asking did you even do a couple of searches? I doubt it.
"Oh right, there's a double standard for MS."
Nope, same standard for all things. I don't like it if you send any of my or my computers info to servers without my knowledge of the content or purpose and I explicitly approve.
"Also, the author didn't disable Defender because he is using a different AV. He left it on and just disabled the cloud definitions feature, meaning he's not going to be up-to-date on definitions."
Once again... wrong. The cloud feature is for sending info about what is on your computer to MS so they can use it to update the definitions, it does not provide the definitions itself.
"Cloud defs are a bit different than what you get via WU. Its a dynamic list of suspicious hashes" if this is true, then I would be wrong on the previous section, but I have seen no documentation that specifies this. Care to provide a source for this info?
> Having to explain simple concepts to you makes me think you're an idiot.
You can't post like this here. Please (re-)read the guidelines and follow them. That means making comments that are civil and substantive, or making no comments.
If you're using your laptop to look for directions to locations on their map app then it's useful. Otherwise, it's useless since it uses geo-ip to find your location.
You realise Chrome, Firefox, and Microsoft all use Google's database[0] for this and have for at least seven year. Why is this anti-phishing blacklist all of a sudden an issue in 2015?
As far as I know, that should be okay. Browsers don't query the database online like some RBL, but download it locally and check visited sites against a local copy. No URLs are sent to Google.
Which is - as far as I know - is very different from how Windows anti-malware system works. At least I think I saw a network requests from Windows 8 machine when "untrusted" applications (.exe) were started.
I find myself reminded of how people oh and ah over Google Now being helpful, while i am sitting here wondering how much Google must know about each person to produce those results.
I am sure the technologists at both Google and Microsoft has the best of intentions with their creations, the question is what happens when a TLA or similar comes knocking.
Lots of apple, and google features are not essential part of the system.
Shall we turn siri off by default?
"Malware databases can exist locally" - You still have to download, and upload definitions. This is what windows defender does. People still complain about that.
It's not that I'm not concerned about privacy. It's the hypocritical nature of people. It only becomes a big issue when Microsoft does it. Anyone else, very little complaints.
Yes, I think Siri should be off by default. Malware databases can be updated when the user updates everything else. The reason people are complaining is that this data is being sent automatically by the OS without their permission or knowledge. It's not just a complaint against MS, but also against other OS's that do the same like Android.
In the other case, you essentially tell the company "hey, I’m visiting website with hash 12345, is that bad?".
This can be abused. Google could with it create a database of everyone who visit, say, pornhub.com, for example, by logging everyone who visits a page with the same hash as pornhub.com
Same with file-based malware databases:
You tell it "I have the file with hash 12345, is it bad?" And, if Google - or the NSA, CIA, FBI, whatever – want to get a list of everyone who has that file, they just ask the database provider to log everyone who checks that hash against the database, then go to the ISP to get the real name of the owner of that IP, and then SWAT the person.
My personal computer is not a phone. I do not require the help of a spyware disguised as an AI to operate it. I have a mouse and a full keyboard.
When I want to interact with the internet, I use a browser. This browser is managed by many extensions that cut down on the information that is being sent about me. I do not want my operating system to talk to the internet without asking me.
Well put. That's exactly my feeling. Even on a phone, a voice based helper should be opt-in as it's not an essential feature and not everyone wants to use it, but everyone wants to not be recorded by default.
Exactly because we don't even know what does it do. (Hey, had anyone did a protocol analysis and/or telemetry binaries reverse-engineering already?)
Do you want your machine to send some information, derived from your personal data, at third-party discretion - without you knowing what exactly is being sent?
No undo function, but you can choose between disabling or permanently removing tracking features.
It only removes the most "controversial" features of the OS (the "keylogger" part), but it may be of interest for those who still want some features, like everything related to security and/or the cloud.
Maybe it can serve as a basis for a more advanced software which will offer more cleaning options. Or maybe such a software already exists (I didn't search much).
• The authors possibly want to show just how complicated and arduous it is to disable this utter disrespect of user privacy, thus teaching the users that all these screens and settings amount to a so-called dark pattern (assuming the best case).
----
I advise you to omit "uhm" from your online forum posts. It comes across as condescending because it makes it sound like you think your conversation partners are morons.
I can't help but feel like some of this is fear mongering. There are some good features in there that are being disabled for the sake of "privacy" like sharing of Windows updates with other computers to speed up downloads. And how do we expect things like Windows Defender or Microsoft's handwriting and voice recognition to improve if we refuse to share back any anonymized information with Microsoft?
>American internet speeds suck enough without Microsoft grabbing some for itself.
Which is why you should only have to download updates once for your entire network and not per device and why you shouldn't waste bandwidth on failed partial updates. This feature fixes both of these issues.
>They seemed to be able to improve their services before. In fact, I think that's what a Security Researchers job is. MS has several of them
I'm a software developer. My job is to write bug free code. My job would be a lot harder if I couldn't get any debug information from my testers or users. Just because it is possible to do a job without certain information, doesn't mean it is a good idea to intentionally withhold that information.
>Neither of which apply to my desktop, so why do I have to give them any information.
If you don't use voice or ink, why are you worried about sharing your voice and ink data with Microsoft?
>Microsoft could have saved a lot of face simply by making all this opt in and off by default.
Because most of these features would have never been turned on by the user. What good is a security setting that is supposed to protect unskilled computer users if it requires in depth knowledge of the OS to turn on in the first place?
> If you don't use voice or ink, why are you worried about sharing your voice and ink data with Microsoft?
For what it's worth, I don't think this is a fair assessment. Sure, with ink data, you actually need a tablet or some kind of input device in order for Microsoft to collect and send data. But almost every laptop or off-the-shelf computer nowadays comes with a microphone, and they will be more ubiquitous now that voice recognition and input is becoming more accepted by the general populace.
The problem then, is that the microphone is _always_ on, and could potentially send _everything_ you say, or could listen in at any given moment. The problem is that with voice data, the feature 1) can't be inspected and 2) will send data, even if you never use the service. Most important here is the latter point: I shouldn't be subject to the terms and conditions of using a service if I am not using a service. By not agreeing to the terms and conditions, I don't get to use the service (Cortana). If I'm fine with that, and don't want to use that service, then the terms and conditions of my data being sent to Microsoft should not apply to me (i.e. my data should not be sent).
Doing otherwise is shady behaviour, regardless of your opinion on the usefulness or nefariousness of the feature in question.
The idea that Microsoft would capture all audio depends on the company being simultaneously malicious enough to bug your computer while being honest enough not to lie about it. The truth is that they would have had the ability to do this type of thing for years. If Microsoft had an intention to do evil things, why would the bring attention to the fact by spelling out the possibility of them doing evil things during installation of their software?
> Which is why you should only have to download updates once for your entire network and not per device and why you shouldn't waste bandwidth on failed partial updates. This feature fixes both of these issues.
There is ONE Windows machine on my network, so there are no other Windows machines to share updates with. There are a tonne on the internet though, I don't care about sharing with them.
> My job would be a lot harder
It's too bad it was impossible to do before Microsoft was spying on its users. Oh wait, it wasn't.
> If you don't use voice or ink, why are you worried about sharing your voice and ink data with Microsoft?
I don't want to send anything to Microsoft.
> Because most of these features would have never been turned on by the user.
There is a reason for that, people don't want it.
> What good is a security setting ...
These are not security settings. The security comes from turning them off.
"And how do we expect things like Windows Defender or Microsoft's handwriting and voice recognition to improve if we refuse to share back any anonymized information with Microsoft?"
Exactly by not sharing any information with MS. If they didn't assume that people wanted to share their private information (they don't), they'd create software with proper architecture that doesn't need to connect to the could to do simple things like handwriting analysis and voice recognition.
I'm not making a joke. There's no need for cloud computing resources for effective voice recognition or handwriting analysis. Therefore, since those applications can run on the device itself, they are rather simple from a network perspective which is what we're discussing here.
> And how do we expect things like Windows Defender or Microsoft's handwriting and voice recognition to improve if we refuse to share back any anonymized information with Microsoft?
By opt-in approach and full transparency on what data's sent.
Seriously, ask me "hey, can you help us?", provide an option to let me see what data exactly was, being and will be sent (NOT some multi-page legalese with notice that everything in there could change at company's discretion) - and unless you're sending something I really don't want to share (like actual raw texts I typed instead of processed statistical data), you're very likely to have my help. And, given the current situation, even praise the approach and suggest other to help the noble intent.
There's a giant difference between this and a pre-installed black box that sends some data which contents I don't even know.
You often hear the phrase "It's better to ask for forgiveness than to ask for permission" especially hear on Hacker News and around start-ups. Microsoft is taking the same approach. I agree that opt-in and full transparency would be the best in an ideal world. But the reality is that people don't care enough and most people wouldn't opt-in willingly or wouldn't realize what they could opt-in to.
When I said "exactly" I meant an option to see down to exact data packets that were sent while participating in the program. Or, if we're talking about the initial consent - the example of such data packet.
Obviously, they're machine-encoded (binary or XML), so the representation should be modified a bit to be more human-readable.
I don't care that I won't know what most of metrics mean exactly ("magic mumbo-jumbo average time: 0.42us" or some hard-to-read probability matrices), but as far as I can see no raw personal data is being leaked out (my private file information, raw texts typed on keyboard, screenshots - this sort of stuff) it's probably OK. The important part is not me understanding the data sent, but the transparency about the program.
> Microsoft's handwriting and voice recognition to improve if we refuse to share back any anonymized information with Microsoft?
Handwriting and voice recognition software have both been available for decades, and have improved considerably over most of that time without most end-users being required to share data back with the software makers (in many cases, without most users even having a mechanism available to do so.)
i clicked your HP link. (because the 76 ones are only desktop computers disguised as laptops, really)
then clicked the laptops link.
then clicked every single one of the models and clicked customize.
every single one of the options were Windows 7, 8, 10. Only.
did you manage to go from that page to any actual product you could just enter your credit card and receive with ubuntu?
PS: i should tell you that i'm not being pessimistic. just realistic. My current personal computer is an Asus eeepc-1000, from 2007 or so. the very first netbook with SSD that shipped with linux. i replaced the asus distro garbage with debian right away, but i got it with linux for the meaning of it.
I've installed Elementary OS to my parents home computer and I never do anything on it, it seems easy enough to use even for people without any computer knowledge. There are way better Linux distributions now compared to what it was before.
Also compared to windows, I don't need to check that they installed some IncrediBar software which is changing the homepage all the time, this is much better for me. Also I don't know how to explain that but the i18n is incredible compared to Windows and it's much more translated even in system parts, there is no english words to scare away my parents. It just feels more pure in terms of translation.
And I think that's the biggest issue is that Microsoft makes it pretty easy to disable them.
Most of these settings are all in the same place, right where you set up the OS.
In my opinion, none of them have to be off. I understand why they're being collected, and I don't mind that information being collected, and I like the things like the predictions as features.
But I do appreciate that they can be turned off. Another OS might just add those things but not make them something you could opt out of at all.
I mean, even Ubuntu went and sent all of your search data to Amazon by default for a while without any simple way to opt out of it, which to me is worse than Microsoft itself collecting Cortana data with the ability to turn the option off at install time.
But the thing about allowing people to choose to turn those features off (or even on) means that they're aware that they're there, while other people can just slip them in as a tiny line somewhere in the privacy policy and not allow you to configure those settings at all.
Yes. Sometimes doing the right thing to protect your rights and the rights of others requires sacrifice. Freedom is not always free (as in beer).
As long as you insist that any potential alternative have the same features, you might as well give up. The incumbent can always create and market a new "feature" guaranteeing any alternative is always playing catch-up.
As time goes on, the lock-in increases and the cost of change becomes more expensive. Do you want to pay this cost now. or do you want to pay an even higher cost in the future after Microsoft - emboldened by the profits from selling user data to their "partners" - decides to make the spying even more invasive?
Do you even want to own a General Purpose Computer? You better make a decision quickly; when Intel's SGX instructions become widespread, it will be next to impossible to disable these "important security features".
I thought I was more or less following the development of PC hardware, but I never heard of this one, and it's not very new already. Wikipedia article [1] on the subject is surprisingly concise, and only quotes Intel homepage on the subject.
Do you have any pointers to independent discussion or analysis of this technology? As with all such new technologies, it might require more than just reading its name or manufacturer's description to understand its implications: like e.g. with Trusted Execution Technology, it takes some research to form an opinion: is it actually about me, the computer's user, or someone else who is going to trust this computer?
can't you search "osx phone home" if you're really interested?
even wired, which usually drink the apple cool aid, reported on it during Yosemite. though the app store reporting is mostly ignored by non geeks, so search deeper for that
> osX invented all this. MS is just catching up. and apple don't even allow you to disable things.
I was pretty sure that I had disabled all my Mac's and iPad's "phone home" behaviours. (Of course, technically, iPad and iPhone are iOS, not OS X.) There are certainly a lot of dials to twiddle, but I thought that I'd hit them all and had found a reasonable amount of privacy (at considerable expense of functionality). What are the non-disable-able features?
I'm not a big fan of google or Apple and I don't think the fact that other big companies rape your privacy justifies Microsoft raping your privacy.
The NSA is making sure no one gets too outraged. You're allowed to get a little upset about windows, seeing as no matter how mad people get, Windows will still be a huge part of tech infrastructure --it won't go away--, and it also placates the masses, it makes them feel like they're rising up and accomplishing something and that they're "right". In the end the NSA is going to spy on you whether you want it or not. There is no opt-out.
>I'm not a big fan of google or Apple and I don't think the fact that other big companies rape your privacy justifies Microsoft raping your privacy.
I agree with you. I just find it curious why tech forums like this one and others appear to go gung-ho whenever something negative is mentioned about MS/Windows but same or worse privacy violations by other companies in software that is very widely used don't seem to trigger the same reaction.
Forced to use Google's cloud? Chrome OS supports local network drives[1], third party cloud providers (like Dropbox), SD cards, USB drives, etc. Nobody is forcing you to store stuff on Google Drive instead of any of those others options.
Yes, your Chrome OS settings are backed up to Google's cloud, but you can always set an encryption passphrase separate from your Google password so that Google can't decrypt your settings.
It's very telling that you get a 3 year free Google Drive storage account with 1TB or so storage instead of more local storage on Chromebooks.
The terms of service allow them to mine all your documents etc. for keywords once it's in their cloud. Otherwise why would they sell Chromebooks at or below cost.
You can just turn off location services on android. However, we also began with almost no privacy expectations on phones from the beginning of smartphones.
The difference here is that people using Windows in the past did have an expectation of privacy, which is no longer the case. Also, privacy is being retroactively removed.
At the end of the day, it is their product and they can do whatever they want with it. People are free to migrate away to Linux.
Fixed: Have a look at ReactOS, a free open source OS that ideally will be binary compatible to Windows if it attracts enough talented and interested developers and gets off the ground.
ReactOS is nowhere near usable as an everyday operating system; the site you linked to even says: ReactOS 0.3.17 is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
I donated to the ReactOS Community Edition Kickstarter and I never got my password to their site to download it.
They need more developers and more money to get out of the alpha phase and into the beta phase.
In all honesty Linux + WINE runs more Windows apps than ReactOS currently does right now. Just get Play On Linux to help configure stuff: https://www.playonlinux.com/
If you don't want a Linux distro but want some alternative OS that is more finished that ReactOS try:
AROS is written to be API compatible with AmigaOS 3.X, got support from Amiga Inc and they even used parts of AROS source code for the latest AmigaOS. They even ported it to 68K Amigas with a new Kickstart ROM replacement.
Haiku and AROS won't run Windows programs, but you can run them in virtual machines and use the software that is available for them.
I am waiting for ReactOS Server where they bundle a SAMBA server, Web Server, Email Server, so it can be a free Windows Server clone and install on Virtual Machines so it has a lower memory footprint than Windows Server. But Microsoft has made Windows Server Core to run with less memory.
The number of options related to easing network access and location awareness demonstrates that Win10 is more aimed at laptops and tablets than desktops etc.
I think Microsoft messed up the messaging and wording of their features, bigtime. Many products these days are integrating analytics to see how their users use their products. Personally, I prefer to disable such tracking, but I don't view it as malicious.
MS should have realized by now that people don't quite trust them with this stuff, and they should have make it clear at the outset that they are never going to use this data for "sharing with their partners" or any purpose other than explicitly as a signal for improving specific Windows features.
They used legal language that allows them much more latitude than what they require. This is most likely intentional (probably for future competition with Google), but IMO they should have gone with a very narrow data use policy.
> They used legal language that allows them much more latitude than what they require.
It's the same trap that people fall in to when site terms of use ask for worldwide, royalty-free, irrevocable license to content that you post. Yeah, that sounds like it's a horrible nastyness, but from a legal point of view that wording is a safety net for the company, not an attempt to claim actual rights over contributed content.
MS has completely failed to control the message here, and everyone's working themselves into a groupthink riot, just like they did over the Ok Google binary blob nonsense.
I think in both the examples you give, what starts out as 'innocuous' and 'well meaning' will inevitably be subverted for something far more nefarious.
Not everyone with a different opinion to you is incapable of forming their own conclusions, or susceptible to groupthink.
Is Bruce Schneier also a victim of this 'nonsense'?
If you believe this is the keystone issue that is going to permanently stain their reputation and pariah Windows around the globe for decades to come... well, you may be in an echo chamber.
I'm not saying it isn't important or a big deal. But- as best I can tell, this is a sideshow compared to some of the offenses that have come before, and in the greater public it seems most people don't even know, let alone care.
Honestly, the only action I can think of that would create a greater stain for Windows reputation is to close itself up, and only permit sandboxed software from a market.
MS may reverse things if they act fast, but Windows is mainly a corporation thing (in revenue, if not volume), and corporations care about information security (in a very incompetent way, but they do care). If Windows gets the fame of sending all your data abroad, it will suffer.
The thing is that a lot of things here are genuinely useful for most users, e.g.:
- Blocking malicious sites.
- Page prediction.
- Improving typing prediction.
- Finding open hotspots and automatic sharing of network credentials with contacts.
- Cortana.
- Search suggestions.
Multiple of these are also already done by Google and Apple, but the riots are much smaller. So, it's probably a mixture of: bad wording, spreading privacy options across too many configuration screens, and all that fuelled by some good old Microsoft hatred (I can't remember people being quite as upset about Android or iOS).
I think everyone would be better off if one of the first configuration steps would give three choices:
1. Protect my privacy completely. No data is sent at all to Microsoft.
2. Only send anonymized data to Microsoft. Data is used in a non-identifiable manner, enables some features such as blocking malicious websites and search suggestions.
3. Send useful data about me to Microsoft. Sends non-anonymous data to Microsoft to tailor Cortana and Windows to your needs. Data is not used for advertising purposes or given to third parties.
Simple to understand and everyone can make pick their own trade-off.
- non-optional forced auto updates (except on Enterprise "long term servicing branch" edition)
Give the user the choice. Compare it to iOS, Android, OSX, Linux everywhere the user has the choice to stop the auto-update, often for important reasons no one thought before.
We used to say the same thing about application software. However Chrome's auto-update feature has been a tremendous benefit. I would argue this is a reasonable direction for consumer OSes to go
Chrome's auto-update is barely noticeable and quite polite, in that it doesn't nag you to restart (or forcibly shut down your current work). Doesn't stop you from shutting it down and barely slows down the next time it starts.
A browser is one thing, it's just an application. The OS is the lowest layer, if you can't control it, you can't trust it. And there is always the option to stop the update in Chrome. If you don't run the OS behind a hardware firewall that can scramble SSL, Win10 will send a lot of data unfiltered and non-optional to its vendor - unacceptable for an operating system (the lowest layer).
Exactly, which is why Microsoft and enterprise IT like to control the updates. If they can't control the updates, they can't trust the computer!
Unpatched, dated, or even EoL OS versions has been a big problem for a long time, and it's arguably even more serious of an issue than dated versions of Chrome.
You want that control for yourself, and I can relate to that, but 99% of users cannot be trusted with that control which is why this happened.
Exactly, which is why Microsoft and enterprise IT like to control the updates
Neither enterprise IT nor consumers can control it, do you get it? Only with the very expensive "Enterprise Long Term Servicing Branch" License, which only a small group of large corporations will be able to license. No other operating system exists that behave in such a way. It's a "Windows as a Service", but many still want a traditional onprimise Windows, the same goes for all other Microsoft software incl. Office and Sharepoint.
It might have helped to offer a "Plain English" version of their legalese, stating explicitly what their goals were for analytics and customer security privacy. People are very wary of things that are unclear, especially with something that they're practically forced to use.
its only one uninvited partner people world-wide are worried about, the US government..that is why China and Russia moved towards no MS software on government computers.
> Both are simple changes and not nearly the same scope as W10's abuses.
Apple isn't limited to collected data just about those two things though. The fact is, Apple's OSs send, by default, a lot of data about you. It knows a lot about you, and by default, can do a lot of what people are afraid Microsoft can do.
If Windows 10's privacy issues are an issue with you, Apple is not an alternative in the slightest.
As a linux user, as much as I'd like to believe you, everything I see about OS X is that its privacy policies and options are far more restricted and in what the OS can do, and it is made far easier to opt out. Like, a single checkbox easy. You actually cannot even disable telemetry on Windows 10 without an Enterprise license.
I've been using a Mac for over a year now and I can count on one hand the number of times I've used Spotlight. (And when I did use it, it was useless at solving my problems.)
However, on Windows the start menu search is actually useful to me, and I use it regularly.
I hear you. I've been a Mac owner for over 19 years. I tried using Spotlight once a couple of weeks ago, and found it completely useless. The classic (pre-OS X) Mac OS had a great search feature, though it didn't use a content index.
I don't think it's ignorant to advocate for one platform over another?
I understand that Mac and Ubuntu both send stuff back home but the amount of things you have to do on a Windows machine to disable this just seems really hefty compared to a Mac or better yet Ubuntu machine (or some breed of Linux)
> "you believe an operating system should configure itself, run out of the box, and include a complete default set of software and desktop environment on the installation media."
Can't get more orange than Arch, for the sake of that comparison!
I expect Microsoft provides their corporate customers with a solution that includes confidentiality and end-user control (i.e., IT department control) of machines. Many business users would not and could not share this info with Microsoft.
Instead of trying to discover and disable each confidentiality threat in the consumer version, the best solution probably is to obtain of that corporate version. Likely you also need to read up on how to configure those featues on TechNet, but generally Microsoft's documentation is complete (if sometimes difficult).
Yep, Win10 enterprise edition has the no telemetry option for example and it is not difficult to get for businesses who pay for volume licensing (though there is the mandatory software assurance that costs a bit more). It also has other goodies like the Long Term Support Branch for critical systems.
I had been looking forward to deploying Windows 10 as well as using the opportunity to update all of our hardware. Instead I find myself disappointed and, frankly, confused.
Why? Well, mainly because we do not have the time and cannot afford the risk of dealing with and navigating through a security and privacy gauntlet.
We need an operating system, not Facebook, running our systems. Before anyone suggests it's no big deal please consider the idea that, when it comes to an OS used in a business/professional context privacy must be a non-negotiable default.
If Windows 10 had a single "Private Mode" switch that turned off all data leaks and monitoring it would be fantastic.
Some might suggest it isn't a big deal because it is annonymized data. The fact that a question exists means we have a problem. It's that simple. And, yes, some of it is FUD.
Suggesting a change to another OS simply isn't reasonable. For one thing, in our case we have a number of engineering applications that will only run on Windows, and that is the case for many professional users.
What I really want are all these annoying fixes rolled up into a tool or PowerShell script so each time a family/friend tells me how wonderful/shitty Win10 is, I can at least quickly deploy this for them.
How naive it is to believe that Microsoft will obey these settings? It is very time-consuming to make sure if they fulfill the promise because that requires reading disassembly as Windows is closed-source. And, even if they were caught not following the settings they could use the word "bug" as an excuse.
Also, it should be emphasized that providing options to disable privacy-invasive features doesn't justify invading the privacy of the non-tech savvy people, who cannot disable privacy-invasive functionalities.
There is something deeply aggravating about having human hands manually adjusting these settings, when we should have some mechanism to automate it. Compters - our tools for automation - are not automated! It's ridiculous, demeaning, disheartening, and sad.
Two things that irked me:
- child accounts need to have an e-mail address to be manageable under Familiy Safety (which in turn requires you to go to a web site instead of setting time limits locally)
- to complain about a mis-feature (like the above) you are directed to use the Windows Feedback app, which in turn will only work if you set diagnostics to on.
Replying to self: Microsoft would have more credibility (especially to enterprise users) if they were to provide this kind of one-stop documentation themselves.
Any scripts out there that go on the offensive, rather than just opting me out? Something that sends reams of plausible data to Microsoft so that any semblance of usefulness is lost in the chaff.
reply